Using Unique Local Addresses
-
In addition to Global Unique Addresses (GUA), IPv6 can also use Unique Local Addresses (ULA). These are the IPv6 equivalent of RFC 1918 addresses on IPv4. One instance where ULA may be useful is when an ISP does not provide a consistent prefix, despite Do not allow PD/Address release being selected. As a result, it becomes difficult to use DNS to access local devices. By using ULA a consistent address can be created for the local devices. These addresses will be within the range of fc:: /7.
There are two parts to enabling ULA. First, a prefix has to be created on the Router Advertisements page.
The prefix must start with fc or fd and the rightmost digits are used to select the IPv6 Prefix ID. The rest of the prefix can be random digits.
In this example I use 0 for the Prefix ID, to match with the GUA.
The other part is to assign Virtual IP Address to the interface.
As shown, I have created VIPs for three different networks, each with it's own Prefix ID. This is exactly the same as the prefix for the GUA, except that the GUA prefix has been replaced with the ULA prefix.
An easy way to obtain a 64 bit random number, for creating the ULA prefix, is to go to www.grc.com and click on Services > Perfect Passwords. Then copy 16 digits of the contents of the 64 random hexidecimal characters box and replace the first two digits with fc or fd.
Once the ULA addresses have been enabled, the DNS can be configured to use those addresses.
-
@jknott According to RFC4193 fc::/7 is set aside for this purpose, and pp3.1 further clarifies that locally assigned ULA prefixes are to be allocated in fd::/8, whereas fc::/8 is reserved for future use.
You could also presumably use NPt to translate the ULA into a GUA address space thereby replicating the behavior of the RFC1918 address space, although one of the underlying features of IPv6 is to specifically not need to do NATing, not to mention protocol breakage that may ensue.
It boggles the mind how many providers don't understand how IPv6 is supposed to work and vendors who deliver solutions that only go 90% of the way leaving you to fend for yourself for the remaining 10%.
-
My understanding is that fc:: /8 was to be used with an external prefix server, but that never happened, so all of fc:: /7 is now used for locally assigned addresses. However, to keep things pure, just use fd , as I do here.
I'm allergic to NAT.
I agree that many providers and others don't understand fully how IPv6 works, because they're stuck in the IPv4 world. I've come across this with my own ISP that otherwise is quite good with IPv6. When I had a problem a couple of years ago, I found I had to explain the finer points of DHCPv6-PD and link local routing to the 2nd level help desk and a senior tech. I wrote this article to address some questions that have popped up here.
-
@awebster said in Using Unique Local Addresses:
It boggles the mind how many providers don't understand how IPv6 is supposed to work and vendors who deliver solutions that only go 90%
Same here, but I think your giving them too much credit with the 90% number ;)
-
There's another method to generate a random number. At the FreeBSD or Linux command prompt, enter the command ps aux|shasum, which will return a 40 digit random number.
ps aux|shasum
23501cdc1873bf37181127051dff8384df2132af -ps aux lists system processes and shasum generates a hash of it.
-
One thing I forgot to mention. You'll need to create a DNS Access List entry to cover the range of ULA addresses used. This can be done individually for each interface or block of ULA used on your network. I used a /56 block to cover any ULA on my network.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-